As the world of cryptocurrencies continues to evolve, so do the tactics employed by scammers and fraudsters. One such tactic that has been gaining prominence is called “Approval Phishing.” It is a malicious approach that specifically targets crypto users, exploiting their trust and familiarity with blockchain transactions. Traditionally, scammers would distribute fraudulent crypto apps to deceive their victims. However, in recent years, a new wave of fraudsters known as pig butchering scammers have successfully integrated approval phishing into their schemes, making it an even more dangerous threat.
The Identification and Scope of Approval Phishing
Chainalysis, a leading blockchain analysis firm, has identified over 1,000 addresses involved in deliberate approval phishing activities. This discovery began with a smaller list of known approval phishing addresses that were initially linked to romance scam tactics. Through meticulous analysis of transaction patterns, Chainalysis was able to pinpoint additional addresses related to the original list. Based on their findings, the firm estimates that victims have suffered losses totaling approximately $1 billion due to approval phishing scams since May 2021. It’s important to note that this figure is likely an underestimate, as romance scams are notorious for being underreported, and Chainalysis’s analysis was based on a limited dataset.
The revenue generated by suspected approval phishing scammers has reached staggering heights. In May 2022, victims lost an estimated $516.8 million to approval phishing, compared to $374.6 million between January and November 2023. These increasing losses demonstrate the effectiveness and profitability of this malicious tactic. However, it is crucial to recognize that a small number of highly successful actors are responsible for the majority of approval phishing thefts. The most lucrative approval phishing address is believed to have stolen $44.3 million from thousands of victims’ addresses, accounting for 4.4% of the total estimated stolen during the studied period. Additionally, the top ten approval phishing addresses collectively contributed to 15.9% of all stolen value, and the top 73 accounts were responsible for half of the total value stolen.
In an approval phishing attack, scammers deceive users into approving a malicious blockchain transaction. Once approval is granted, the scammer gains permission to spend specific tokens within the victim’s wallet, allowing them to drain the victim’s address of those tokens at their discretion. To further cover their tracks, approval phishers typically send the victim’s funds to a separate wallet from the one granted approval, enabling them to carry out transactions on the victim’s behalf without raising suspicions.
Identifying Approval Phishing
There are telltale signs to look for in order to identify an approval phishing attack. One such indicator is the on-chain sequence of events. In a legitimate transaction, the victim’s address would sign the approval transaction, and then the funds would be spent from the victim’s address. However, in an approval phishing attack, the approved spender address initiates the draining transaction, bypassing the victim’s address altogether. This deviation from the expected transaction flow is a strong indicator of approval phishing.
Exploiting Trust and Familiarity
Approval phishers often target decentralized apps (dApps), leveraging the familiarity that many crypto users have with signing approval transactions. The nature of permissions granted and the trustworthiness of the party receiving those permissions become critical factors in these attacks. By exploiting this trust and familiarity, scammers can deceive victims into thinking they are engaging in a legitimate transaction, only to have their funds stolen.
Being aware of the threat of approval phishing is the first step towards protecting yourself. Exercise caution when interacting with unfamiliar apps, websites, or platforms. Verify the legitimacy of the address or entity requesting approval transactions before granting any permissions. Additionally, consider implementing multi-factor authentication and regularly monitor your transactions and wallet activity for any suspicious behavior. Education and awareness are key in safeguarding your crypto assets from these evolving threats.
Approval phishing is a rising threat in the crypto world, targeting unsuspecting users and resulting in significant financial losses. The integration of this tactic by romance fraudsters amplifies the risks associated with participating in the crypto market. Increased vigilance, proactive security measures, and a better understanding of approval phishing are crucial for users to safeguard their funds and protect themselves from falling victim to these scams.